Commit a69dcf2
Changed files (1)
exploit_exercises/nebula/level01/readme.md
@@ -1,13 +1,12 @@
+# Nebula - level01
-----------------------------------------------
-
-# About
+## About
There is a vulnerability in the below program that allows arbitrary programs to
be executed, can you find it?
To do this level, log in as the level01 account with the password
level01. Files for this level can be found in /home/flag01.
-# Source code
+## Source code
```
#include <stdlib.h>
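Review bot: the code fence that opens just above `#include <stdlib.h>` carries no language tag, so the listing renders without highlighting. Since this change is already tidying the readme's markdown (new title, `#` headings demoted to `##`), add `c` after the opening backticks in the same pass.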
@@ -29,7 +28,8 @@ int main(int argc, char **argv, char **envp)
system("/usr/bin/env echo and now what?");
}
```
-# Solution
+
+## Solution
From the [system(3)](http://linux.die.net/man/3/system) man page, `system` should not be used in a
program that sets UID values. The [reason](http://stackoverflow.com/a/6268850) for this stems from
the fact that a malicious user may set environment variables to other values, permitting nefarious
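Review bot: in the paragraph under `## Solution`, "a program that sets UID values" is looser than the warning in system(3), which is about programs running with set-user-ID or set-group-ID privileges. Suggest rewording it to match the man page. The new heading also gets a blank line before it but none after, so the paragraph sits directly under `## Solution`; add a blank line there for consistency.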